Tips to Stop or Reduce Threats Posed by DDoS

Are you tired of Denial of Service (DoS) attacks interrupting network availability, and you simply do not know what to do about them? If so, you are about to learn five important tips for preventing them. They may be just the solutions you need to overcome future attacks.


What Is a Denial of Service Attack?

A Denial of Service (DoS) attack interrupts network availability when users require its service. It is launched against network servers. Such an attack can be intentional (a malicious act to deliberately shut down a network and prevent users from accessing the resources they need) or accidental (when the hardware or software fails). Simply put, it targets the network server (or another network segment) to make it unavailable to users.

The Virtualpune glossary states this: "Denial of service attack is an act by the criminal, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access." [1]

Types of Denial of Service Attacks (attacks that can disrupt service) include:

Transmission failures. From a malicious standpoint, such an attack can cause an overload of rejected data.

Flooding. When more data is sent by the attacker than can be handled by the network, connection flooding is the outcome.

SYN Flood. This attack sends more requests to a server than it can handle. Too many SYN requests sent by an attacker with no ACKs (acknowledgments) can fill the victim's SYN_RECV queue.

Note: Regardless of what type of attack occurs (from those listed above), they all have one thing in common: all are availability type attacks that threaten continued network service to users. They cause the server to process too many system requests and, as a result, the network is effectively blocked and is unavailable.
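To make the SYN flood item above concrete from the defender's side, here is an added example (not part of the original article) that counts half-open SYN_RECV connections per listening port from text in the Linux /proc/net/tcp layout. It assumes a little-endian host and IPv4; the sample rows, the function names and the alert threshold are constructed for illustration.

```python
"""Count half-open (SYN_RECV) TCP connections per local port from /proc/net/tcp text."""
from collections import defaultdict
import ipaddress

SYN_RECV, ESTABLISHED = "03", "01"   # state codes used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout, trimmed to the columns parsed here.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0A0200C0:0050 00000000:0000 0A
   1: 0A0200C0:0050 076433C6:C350 03
   2: 0A0200C0:0050 086433C6:C351 03
   3: 0A0200C0:0050 057100CB:C352 03
   4: 0A0200C0:0050 067100CB:C353 03
   5: 0A0200C0:0050 096433C6:9C40 01
   6: 0A0200C0:01BB 0A6433C6:9C41 01
   7: 0A0200C0:01BB 0B6433C6:9C42 03
"""

def decode(endpoint):
    """'0A0200C0:0050' -> ('192.0.2.10', 80); assumes a little-endian host, IPv4 only."""
    addr_hex, port_hex = endpoint.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return str(ip), int(port_hex, 16)

def half_open_by_port(proc_net_tcp):
    """Return {local_port: {'syn_recv': n, 'established': n, 'sources': set_of_ips}}."""
    stats = defaultdict(lambda: {"syn_recv": 0, "established": 0, "sources": set()})
    for line in proc_net_tcp.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue                                    # tolerate blank or short lines
        (_, lport), (rip, _), state = decode(fields[1]), decode(fields[2]), fields[3]
        if state == SYN_RECV:                           # SYN seen, final ACK never arrived
            stats[lport]["syn_recv"] += 1
            stats[lport]["sources"].add(rip)
        elif state == ESTABLISHED:
            stats[lport]["established"] += 1
    return dict(stats)

def syn_flood_alerts(proc_net_tcp, threshold=3):
    """Ports whose half-open count reaches the threshold and exceeds completed handshakes."""
    return sorted(port for port, s in half_open_by_port(proc_net_tcp).items()
                  if s["syn_recv"] >= threshold and s["syn_recv"] > s["established"])

if __name__ == "__main__":
    for port in syn_flood_alerts(SAMPLE):
        print(f"ALERT: port {port} has an unusual number of half-open connections")
```

On a live Linux server the same functions can be fed the contents of /proc/net/tcp, with the threshold tuned to the service's normal load.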

DoS attacks continue to be a problem today. There are, however, ways computer users can stop or reduce them.


Attack Prevention

"Denial-of-service attacks come in a variety of forms and aim at a variety of services." [2] Computer users may not stop DoS or DDoS (distributed denial of service) attacks, but they can certainly take steps to reduce the risks associated with them. Here are "5 Tips for Preventing Denial of Service Attacks" to ensure network availability to users:

Avoid single points of failure (an issue for network availability). Solution: Within the network architecture, a mesh network can be ideal to keep either the firewall or the router from being the single point of failure for the communication network between computers. Using a mesh network topology can create a more robust network, as explained by Information Age (http://www.information-age.com/articles/289726/single-point-of-failure.thtml), and can sustain the network if one node should fail, making it possible to re-route its traffic. An alternative solution to avoid single points of failure is to add LAN switches (as shown in the diagram to the right). They could help resolve network failures caused by a DoS attack.

Implement a redundant firewall or router. Solution: To ensure availability, a network could incorporate a redundant hardware system at the switch to eliminate failure points.

Use a firewall. A well-configured firewall is able to prevent most attacks. Firewalls are one of the most important screening devices on a network. Even though they are targets themselves for DoS attacks, they are useful as a defense countermeasure in protecting an environment connected to a network.

Deploy a screened subnet, a demilitarized zone (DMZ). A DMZ placed on the network between the router and an external firewall can be used as a buffer area to protect the LAN.

Buy an intrusion detection system (IDS). A network-based IDS attached to the perimeter of the network can help monitor network activity (such as an attack) with its ability to raise an alarm in time for a network administrator to take protective action.

Note: Built-in firewalls or an IDS (see Firewall or IDS - What's the Difference?) perform well against incoming DoS attacks. (It's best not to place either the firewall or IDS in front of servers because they may become immediate bottlenecks in the face of DDoS, says an article by Computerworld.)

Advice: Computer users should add a security software suite from Symantec or McAfee on the network server because it could adequately protect against most network attacks and spoofing, which may lead to a Denial of Service.

An ideal software solution for the network is: Sygate Personal Firewall Pro 5.5 or Kaspersky Internet Security, which includes a firewall with an Intrusion Detection System (IDS).